Koozali.org: home of the SME Server

squid+dansguardian+sarg report only with localhost tag

Offline dadoudidon

« on: September 05, 2007, 03:44:05 PM »
Hello

I installed dansguardian and sarg last month.
Without authentication, 3128 redirects through dansguardian, other ports (80, 8080) blocked, following the howto in the wiki.

It was running well, but for some days now all reports are under localhost 127.0.0.1.

Here is the squid log before:
Code:
185674758.259    141 192.168.1.10 TCP_MISS/200 374 POST http://www.mio-tech.be/POIDataBase/LoGon.php - DIRECT/80.66.133.137 text/html
1185674758.431    139 192.168.1.10 TCP_MISS/200 374 GET http://www.mio-tech.be/POIDataBase/Check.php - DIRECT/80.66.133.137 text/html
1185674843.702    193 192.168.1.10 TCP_CLIENT_REFRESH_MISS/200 345 GET http://ui.skype.com/ui/0/3.2.0.163/fr/getlatestversion? - DIRECT/212.72.49.131 text/plain
1185676211.858    394 192.168.1.10 TCP_MISS/200 1531 GET http://xoap.weather.com/weather/local/FRXX0153? - DIRECT/65.207.183.49 text/plain
1185676501.487      1 192.168.1.10 TCP_DENIED/407 383 HEAD http://download.windowsupdate.com/v7/windowsupdate/redir/wuredir.cab? - NONE/- text/html
1185676558.292    140 192.168.1.10 TCP_MISS/200 374 POST http://www.mio-tech.be/POIDataBase/LoGon.php - DIRECT/80.66.133.137 text/html
1185676558.438    137 192.168.1.10 TCP_MISS/200 374 GET http://www.mio-tech.be/POIDataBase/Check.php - DIRECT/80.66.133.137 text/html

And the actual logs:
Code:
1188703805.950    544 127.0.0.1 TCP_MISS/200 304 GET http://download104.avast.com/iavs4x/servers.def.vpu.stamp - DIRECT/74.53.75.194 application/octet-stream
1188703807.325    418 127.0.0.1 TCP_MISS/200 303 GET http://download918.avast.com/iavs4x/prod-av_pro.vpu.stamp - DIRECT/74.86.96.164 application/octet-stream
1188703807.528    178 127.0.0.1 TCP_MISS/200 304 GET http://download918.avast.com/iavs4x/jollyroger.vpu.stamp - DIRECT/74.86.96.164 application/octet-stream
1188718253.685    464 127.0.0.1 TCP_MISS/200 304 GET http://download910.avast.com/iavs4x/servers.def.vpu.stamp - DIRECT/209.62.112.146 application/octet-stream
1188718254.913    428 127.0.0.1 TCP_MISS/200 304 GET http://download205.avast.com/iavs4x/prod-av_pro.vpu.stamp - DIRECT/75.126.130.172 application/octet-stream
1188718255.127    204 127.0.0.1 TCP_MISS/200 305 GET http://download205.avast.com/iavs4x/jollyroger.vpu.stamp - DIRECT/75.126.130.172 application/octet-stream
1188732697.587    405 127.0.0.1 TCP_MISS/200 304 GET http://download202.avast.com/iavs4x/servers.def.vpu.stamp - DIRECT/75.126.120.196 application/octet-stream
1188732699.034    624 127.0.0.1 TCP_MISS/200 304 GET http://download106.avast.com/iavs4x/prod-av_pro.vpu.stamp - DIRECT/74.53.75.226 application/octet-stream
1188732699.240    194 127.0.0.1 TCP_MISS/200 305 GET http://download106.avast.com/iavs4x/jollyroger.vpu.stamp - DIRECT/74.53.75.226 application/octet-stream
1188747142.703    636 127.0.0.1 TCP_MISS/200 304 GET http://download49.avast.com/iavs4x/servers.def.vpu.stamp - DIRECT/207.44.176.117 application/octet-stream
1188747144.487    785 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 304 GET http://download209.avast.com/iavs4x/prod-av_pro.vpu.stamp - DIRECT/75.126.203.67 application/octet-stream
1188747144.668    170 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 305 GET http://download209.avast.com/iavs4x/jollyroger.vpu.stamp - DIRECT/75.126.203.67 application/octet-stream
1188761590.040   1342 127.0.0.1 TCP_MISS/200 304 GET http://download95.avast.com/iavs4x/servers.def.vpu.stamp - DIRECT/75.126.130.166 application/octet-stream
1188761591.291    471 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 304 GET http://download929.avast.com/iavs4x/prod-av_pro.vpu.stamp - DIRECT/74.86.125.40 application/octet-stream
1188761591.480    178 127.0.0.1 TCP_MISS/200 918 GET http://download929.avast.com/iavs4x/prod-av_pro.vpu - DIRECT/74.86.125.40 application/octet-stream
1188761591.728    212 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 304 GET http://download929.avast.com/iavs4x/jollyroger.vpu.stamp - DIRECT/74.86.125.40 application/octet-stream
1188761592.257    509 127.0.0.1 TCP_MISS/200 17055 GET http://download929.avast.com/iavs4x/jollyroger.vpu - DIRECT/74.86.125.40 application/octet-stream
1188761592.485    171 127.0.0.1 TCP_MISS/200 575 GET http://download929.avast.com/iavs4x/part-jrog-15.vpu - DIRECT/74.86.125.40 application/octet-stream
1188761592.769    180 127.0.0.1 TCP_MISS/200 1008 GET http://download929.avast.com/iavs4x/jrog-15-14.vpu - DIRECT/74.86.125.40 application/octet-stream
1188761601.294    452 127.0.0.1 TCP_MISS/200 304 GET http://download8.avast.com/iavs4x/servers.def.vpu.stamp - DIRECT/67.15.104.48 application/octet-stream
1188761602.688    441 127.0.0.1 TCP_MISS/200 304 GET http://download53.avast.com/iavs4x/prod-av_pro.vpu.stamp - DIRECT/74.52.7.58 application/octet-stream
1188761602.922    195 127.0.0.1 TCP_MISS/200 304 GET http://download53.avast.com/iavs4x/jollyroger.vpu.stamp - DIRECT/74.52.7.58 application/octet-stream
1188761603.142    198 127.0.0.1 TCP_MISS/200 1179 GET http://download53.avast.com/iavs4x/part-vps-77102.vpu - DIRECT/74.52.7.58 application/octet-stream
1188761604.862    385 127.0.0.1 TCP_MISS/200 3969 GET http://download53.avast.com/iavs4x/vpsm-77102.vpu - DIRECT/74.52.7.58 application/octet-stream


By the way, does someone know how to purge data in sarg?

Thanks for all.

David
« Last Edit: September 05, 2007, 03:55:30 PM by dadoudidon »

Offline chris burnat

« Reply #1 on: September 15, 2007, 02:12:35 AM »
I am experiencing the same problem. I found the following info on the Dungog site:
Quote
set sarg to look for dansguardian logs
/usr/bin/sarglog dansguardian
Not sure how to achieve this at the moment, but it is a start...
If you find out how to achieve this before me, please share it.
Rgds.

Edit.
check:
http://forums.contribs.org/index.php?topic=38096.0
« Last Edit: September 15, 2007, 02:16:52 AM by burnat »
- chris
If it does not work out of the box, please fill in a Bug Report @ Bugzilla (http://bugs.contribs.org)  - check: http://wiki.contribs.org/Bugzilla_Help .  Thanks.

Offline chris burnat

« Reply #2 on: September 15, 2007, 02:33:08 AM »
[root@gateway1 bin]# /usr/bin/sarglog dansguardian
sarg to use dansguardian logs

- chris

Offline stephen noble

« Reply #3 on: September 15, 2007, 08:08:42 AM »
>without authentication

I don't know how sarg/squid will know how to identify users without authentication

add to the wiki if it isn't clear  http://wiki.contribs.org/Sarg

Offline chris burnat

« Reply #4 on: September 15, 2007, 12:42:46 PM »
After reading the Wikis (thanks Stephen) this is what I did:

#set sarg to look for dansguardian log
Code:
[root@gateway1 bin]# /usr/bin/sarglog dansguardian
sarg to use dansguardian logs

# Force dansguardian to use squid log format from panel
# Ensure that everything is logged, not just blocked sites (the default).

# Note:
Code:
[root@gateway1 ~]# config show sarg logfile     
sarg=service
    language=English
    logfile=squid
    values=bytes

If not:
Code:
[root@gateway1 ~]# config setprop sarg logfile squid
[root@gateway1 ~]# config show sarg logfile
sarg=service
    language=English
    logfile=squid
    values=abbreviation

# Expand:
Code:
[root@gateway1 ~]# /usr/bin/sarglog
useage
sarglog (squid|dansguardian)

[root@gateway1 ~]# /usr/bin/sarglog dansguardian
sarg to use dansguardian logs

To test, you can access a few sites, including sites which you know will be blocked by Dans. 
#Do a manual update:
Code:
[root@gateway1 ~]# /usr/bin/sarg
SARG: Records in file: 4658, reading: 100.00%

Check the "One shot report" (takes a while to appear, wait...)
It's all there, including a new section for Dansguardian; you will also see which sites have been blocked, with dates, time, etc. I am running transparent proxy, so of course users are not displayed, but IP addresses are.
- chris
If it does not work out of the box, please fill in a Bug Report @ Bugzilla (http://bugs.contribs.org)  - check: http://wiki.contribs.org/Bugzilla_Help .  Thanks.
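
The symptom discussed in this thread, as an added example that is not part of any post: a POSIX shell check that tells whether a Squid-format access log has collapsed to loopback clients before it is handed to a report generator. The sample log lines, file names and the 90% threshold are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check whether a Squid-format access log
# still carries real client addresses. Field 3 of each record is the client.

# log_stats FILE -> "<valid_records> <loopback_records>"
log_stats() {
    awk 'NF >= 7 && $1 ~ /^[0-9]+\.[0-9]+$/ {
             total++
             if ($3 ~ /^127\./ || $3 == "::1") lo++
         }
         END { print total + 0, lo + 0 }' "$1"
}

# client_summary FILE -> "<count> <client>" per client, busiest first
client_summary() {
    awk 'NF >= 7 && $1 ~ /^[0-9]+\.[0-9]+$/ { n[$3]++ }
         END { for (c in n) print n[c], c }' "$1" | sort -k1,1nr -k2,2
}

# log_verdict FILE [PERCENT] -> empty | masked | ok
# "masked": at least PERCENT (default 90, an assumed threshold) of records are loopback.
log_verdict() {
    threshold=${2:-90}
    stats=$(log_stats "$1")
    total=${stats% *}
    lo=${stats#* }
    if [ "$total" -eq 0 ]; then echo empty
    elif [ $((lo * 100 / total)) -ge "$threshold" ]; then echo masked
    else echo ok
    fi
}

# Constructed sample logs (addresses, URLs and file names are made up).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/squid.log" <<'EOF'
1188761590.040   1342 127.0.0.1 TCP_MISS/200 304 GET http://example.com/a - DIRECT/203.0.113.5 text/html
1188761591.291    471 127.0.0.1 TCP_MISS/200 918 GET http://example.com/b - DIRECT/203.0.113.5 text/html
1188761592.257    509 127.0.0.1 TCP_MISS/200 575 GET http://example.org/c - DIRECT/203.0.113.9 text/html
EOF
cat > "$SAMPLES/filter.log" <<'EOF'
1188761590.040   1342 192.168.1.10 TCP_MISS/200 304 GET http://example.com/a - DIRECT/203.0.113.5 text/html
1188761591.291    471 192.168.1.11 TCP_MISS/200 918 GET http://example.com/b - DIRECT/203.0.113.5 text/html
1188761592.257      0 192.168.1.10 TCP_DENIED/403 0 GET http://example.org/c - NONE/- -
truncated line
EOF

for f in "$SAMPLES/squid.log" "$SAMPLES/filter.log"; do
    echo "$f: $(log_verdict "$f")"
    client_summary "$f"
done
```

A "masked" verdict on the log a report is built from means per-client figures cannot be trusted, whatever the record count says.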

Offline dadoudidon

« Reply #5 on: September 17, 2007, 03:10:14 PM »
>without authentication

I don't know how sarg/squid will know how to identify users without authentication

add to the wiki if it isn't clear  http://wiki.contribs.org/Sarg

Yes, it works well and logs IPs. I do not need more authentication.


And thanks Burnat, it works well now

David
« Last Edit: September 17, 2007, 03:12:12 PM by dadoudidon »

Offline swissis

« Reply #6 on: October 24, 2007, 07:44:46 AM »
After doing these steps I still see:

/usr/bin/sarg

SARG: Records in file: 14050, reading: 100.00%
SARG: No records found
SARG: End

And only the localhost is listed.

The contents of the access.log in /var/log/dansguardian/ look fine, I think
...